I'm fairly certain I've read something where this was requested before but I couldn't seem to find it in my quick search so I apologize as this is likely a duplicate.

I'm thinking of something like a checkbox under Restrictions > Start/Run Access for 'Exempt valid, digitally signed apps' or some such. Essentially this feature would just have to verify the digital signature of an exe and allow it to run if valid [if the option is checked] but not allow unsigned or broken files to launch unless already on the list as it currently exists when 'Allow All programs' isn't used. It could still fall back to the current handler for the others where we can continue to add unsigned programs, bats, etc manually. I think having this option would make using run restrictions much easier for novice users and I'd like to see it on my kids PC as well so I would have to login and edit the configuration less while still being able to have run restrictions in place to avoid most baddies, which don't tend to be signed :D

I suppose this could also be flipped to something like 'Do not allow corrupt, invalid, or unsigned exes to launch unless on the list'?

I'm currently using SRP on that machine to accomplish this instead of SBIE run restrictions but it took some extra work, that I doubt the standard user could pull off without help, while all the programs I'm worried about already run in a box and it would just seem more natural to handle it from within SBIE instead. So while I have accomplished what I want [without using the SBIE restrictions] I think it'd be much easier all around if there was an option within SBIE for this....does that make sense? Likely not, I confused myself reading it......but anyway I'll check back when sober and see :P